Share
## https://sploitus.com/exploit?id=1935CCF1-DCD7-5588-B91B-6049139A1A77
# π‘οΈ AI-POCStudio
### Intelligent Vulnerability Reproduction and POC Automation Debugging Terminal
**Data never goes online; the internal network is fully controllable.**
[](https://www.python.org/)
[](LICENSE)
[]()
A desktop terminal powered by AI for vulnerability reproduction and POC automation debugging, designed for **Red Teams, Security Researchers, and Cybersecurity Professionals**. Paste vulnerability information β AI generates POCs in real-time β Run in a sandbox with one click β Automatic error fixingβa fully closed-loop process.
---
## β¨ Key Features
| Feature | Description |
|--------|------------|
| π§ **AI-generated POCs** | Interfaces with OpenAI-compatible models like DeepSeek, GPT, and Ollama, generating code in real-time |
| π **100% Privacy** | Seamlessly compatible with local Ollama offline models; data never goes online |
| π‘ **CVE Intelligence Monitoring** | Real-time tracking of the latest global CVE announcements; displays them in card format for easy reproduction |
| π **Long Text Intelligent Dehydration** | Uses trafilatura and regular expressions to extract core elements like CVE IDs, attack paths, and payloads |
| β‘ **Asynchronous Sandbox Execution** | Runs subprocesses independently, with real-time stdout/stderr output |
| π§ **AI-Automatic Fixing** | Automatically sends error tracebacks to AI for code repairs in one click |
| π **Flexible Proxy Configuration** | For CVE alerts from overseas, UI input is synchronized in real-time without restarting the system |
---
## πΈ Workflow Demonstration
```
βββββββββββββββββββ
β π‘ CVE Intelligence Monitoring β
β Cards-style Display β
β One-Click Reproduction β
β π§ AI-generated POCs β
β β‘ Sandbox Testing β
β Real-time Console Display β
β Parameter Injection β
βββββββββββββββββββ
β
β π§ AI-Correcting in One Click
βββββββββββββββββββββββββββ
Automatic Error Fixing
```
---
## π Quick Start
### 1. Clone the Project
```bash
git clone https://github.com/lehi520/AI-POCStudio.git
cd AI-POCStudio
```
### 2. Install Dependencies
```bash
pip install -r requirements.txt
```
### 3. Configure the API
Edit `config/settings.json` and fill in your API configuration:
```json
{
"ai": {
"base_url": "https://api.deepseek.com/v1",
"api_key": "sk-xxxxxxxxxxxxxxxx",
"model": "deepseek-chat"
},
"proxy": {
"enabled": true,
"http": "http://127.0.0.1:7890",
"https": "http://127.0.0.1:7890"
}
}
```
#### Supported AI Backends
| Backend | Base URL | Description |
|--------|----------|------------|
| **DeepSeek** | `https://api.deepseek.com/v1` | Affordable domestic code model |
| **GPT-4o** | `https://api.openai.com/v1` | Official OpenAI interface |
| **Ollama Local** | `http://localhost:11434/v1` | Fully offline, no data leakage |
> π‘ **Internal Network/Internet Outage Scenarios**: Use Ollama local model; all data stays on this machine, ensuring enterprise security compliance. ### 4. Start
```bash
python main.py
```
## π Project Structure
```
AI-POCStudio/
β
βββ core/ # Core business logic layer (pure Python, no UI dependencies)
β βββ ai_client.py # Unified AI API adapter (streaming Prompt + automatic repair)
β βββ crawler.py # CVE updates extraction (CVE 5.0 self-healing parsing)
β βββ parser.py # Web text extraction + long text dehydration (CVE/Payload/path extraction)
β βββ executor.py # Subprocess sandbox (asynchronous execution + real-time output capture)
β
βββ gui/ # GUI layer (CustomTkinter dark tech style)
β βββ components.py # Custom components (cards, console, code editor, status bar)
β βββ main_window.py # Three-panel main window + full workflow integration
β
βββ config/
β βββ settings.json # Dynamic configuration (API keys, proxies, model selection)
β
βββ assets/
β βββ dark_theme.json # Dark theme color scheme
β
βββ main.py # Main program entry point (disclaimer, environment check, GUI startup)
βββ requirements.txt # Third-party dependency list
```
---
## βοΈ Technical Architecture
```
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β GUI Layer (CustomTkinter) β
β Three-panel layout β Card components β Streaming console β Code editor β Status bar β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β Core business logic layer (pure Python) β
β ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ β
β β ai_clientβ β crawler β β parser β β executor β β
β β OpenAI β CVE extraction β β trafilat β β subprocessβ β
β β Streaming API β Self-healing parsing β β regex dehydration β β Sandbox isolation β β
β ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β External services (optional) β
β DeepSeek API β Ollama local β CVE.circl.lu β Target websites β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
```
---
## π Key Design Features
### Harmless Security Constraints
System Prompt hardcodes the following rules:
- β
Only generates **verifiable** code (DNSLog / Echo display / reading harmless files)
- β **Strictly prohibited**: shell reverse shells, webshells, backdoor implants, DoS attacks
- β
Must use `argparse` parameter specifications (`--target`, `--proxy`, `--timeout`)
- β
Must include complete `try-except` exception handling
### CVE 5.0 Self-Healing Parser
To address the issue of inconsistent JSON structures returned by the `cve.circl.lu` API, a three-layer degradation parsing mechanism is built-in:
1. Standard path lookup (`cveMetadata.cveId`)
2. Traversal of root node keys (`id`, `cve`, `summary`)
3. Final recursive scan (traversing the entire tree to find the longest technical description)
---
## π Dependencies
| Library | Purpose |
|----|------|
| `customtkinter` | GUI framework |
| `openai` | Unified AI API calls (compatible with DeepSeek/Ollama) |
| `requests` | HTTP requests |
| `trafilatura` | Intelligent web text extraction |
---
## β οΈ Disclaimer
This tool is intended only for **legal network security self-checks and educational research**. Users must strictly comply with local laws and regulations. Any legal liabilities arising from improper use are the responsibility of the user.
---
**If this project was helpful to you, please give a β Star of support!**